In our current global political climate, nation states’ cyber attacks on governments have become just as probable as data breaches from individual hackers. At this point, federal leaders are acutely aware that we don’t have the cybersecurity personnel in place to combat these types of threats – but what’s really to blame for the shortage?
For years, experts have lasered in on the cybersecurity talent gaps that exist in federal and state governments; there simply aren’t enough highly-skilled cybersecurity experts to combat modern threats. To address these deficits, agency leaders must focus on reskilling and upskilling a workforce that represents the comprehensive viewpoints required to combat the various threats the U.S. is facing. And then, they must ensure the working environment is well-positioned to accommodate—read: retain—these individuals.
Today’s cybersecurity assailants—and the risks they pose—are diverse, agile, and more often than not, unpredictable. They’re anything but homogeneous, and the federal government requires a cyber workforce that’s as diverse as our adversaries.
Recruiting a diverse workforce enables cognitive diversity
To develop a cybersecurity response primed for modern threats, cyber teams must represent a multitude of thought processes, educational backgrounds, and perspectives. This creates cognitive diversity which can benefit a team of cybersecurity professionals substantially, encouraging expedited innovation, and better problem-solving.
When a team of cybersecurity professionals is diverse in every sense of the word—in their perspectives, education, life experiences, and skill sets–innovation flourishes. And to develop new approaches to emerging threats, we need new points of view on the cybersecurity problems at hand.
The increased prevalence and magnitude of cyber attacks are making the consequences of not addressing these talent gaps all the more imminent. A contributing factor to this predicament is that the intelligent and capable individuals who originally developed the framework for the cybersecurity industry are now working independently to find solutions to these talent gap issues, while addressing pressing cybersecurity threats. External input, openness to transformation, and an eventually enriched workforce will instill the variety of thoughts necessary to illuminate what the future workforce could look like.
Another important consideration to be mindful of is focusing on quality over quantity. This diversification process should not be centered around numbers or quotas, and in fact, there are technologies like AI or automation that can help empower the resources we have. The purpose of this workforce transformation is to enhance and elevate cybersecurity teams.
A diverse workforce requires a more inclusive cybersecurity culture
The problem at hand in security does not strictly stem from people, processes, or technology. These factors culminate to form the culture of the profession, which is where the flaws that have created the aforementioned limitations lie.
For federal agencies to create a diverse cybersecurity workforce, and to then reap the benefits of their perspectives, they must first create a culture that is inviting and appeals to a broader group of personnel. One way this can be accomplished is by eliminating the exclusivity of cybersecurity skill mastery, and instead further educating and training the existing workforce to become highly-skilled experts in the field. Through reskilling and upskilling existing agency personnel, an organization can leverage these individuals’ institutional knowledge and gain new insights into the problems at hand.
This newfound openness could alter the culture of the cyber landscape in the federal sector. It would create a space that nurtures those with varying backgrounds and bridge the gaps between the security function and other organizational structures to ensure measures are implemented at all levels.
What’s upskilling got to do with it?
Another important facet of this cultural transformation is prioritizing the ongoing education and training efforts for the existing workforce. This standard of life-long learning will create space for new ideas and encourage a culture that appeals to a broader group of people and a strengthened, more comprehensive pool of experts
There has been recent emphasis on cybersecurity training in the public sector, as evidenced by the Cybersecurity Training Bill passed by Congress this March. The Bill states that guidelines and curriculum developed by the DHS should be shared with any federal, state, tribal or local government entity and embedded in all levels of training and regulations to secure the country’s critical infrastructure.
For new security tools or models to take shape, they need to be accessible and easily understood by a diverse group of people. However, there are risks to simplifying our tools as well, and we need to ensure that our precautionary and proactive measures are not made less effective.
With the proper diversification of talent and the federal cybersecurity workforce, training will be provided to the individuals who can most effectively help it become reality in the face of evolving threats.
Mandy Andress is the chief information security officer at Elastic, an enterprise search company.
Have an Opinion?
This article is an Op-Ed and the opinions expressed are those of the author. If you would like to respond, or have an editorial of your own you would like to submit, please email Federal Times Senior Managing Editor Cary O’Reilly.